Register | Log in

libarchive

Choose email to subscribe with

general

source: libarchive (main)
version: 3.8.5-1
maintainer: Gabriel Barrantes (DMD)
uploaders: Antoine Le Gonidec [DMD] – Syed Shahrukh Hussain [DMD]
arch: any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.4.3-2+deb11u1
o-o-sec: 3.4.3-2+deb11u3
oldstable: 3.6.2-1+deb12u3
old-sec: 3.6.2-1+deb12u2
stable: 3.7.4-4
testing: 3.7.4-4
unstable: 3.8.5-1

versioned links

3.4.3-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.4.3-2+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.2-1+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.2-1+deb12u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.7.4-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.8.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.8.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libarchive-dev
libarchive-tools (3 bugs: 0, 2, 1, 0)
libarchive13t64 (1 bugs: 0, 0, 1, 0)

action needed

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-5918: A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Created: 2025-08-09 Last update: 2026-01-11 23:31

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-08-15 Last update: 2026-01-12 03:01

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-5918: (needs triaging) A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-06-09 Last update: 2026-01-11 23:31

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-5918: (needs triaging) A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-06-09 Last update: 2026-01-11 23:31

testing migrations

excuses:
- Migration status for libarchive (3.7.4-4 to 3.8.5-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Autopkgtest for cmake/4.1.1+really3.31.6-2: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻), riscv64: Test triggered (failure will be ignored), s390x: Regression ♻ (reference ♻)
- ∙ ∙ Autopkgtest for genext2fs/1.5.0-3: amd64: Regression ♻ (reference ♻), arm64: Pass, i386: Failed (not a regression) ♻ (reference ♻), ppc64el: Failed (not a regression) ♻ (reference ♻), riscv64: Failed (not a regression) ♻ (reference ♻), s390x: Failed (not a regression) ♻ (reference ♻)
- ∙ ∙ Autopkgtest for libarchive/3.8.5-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Too young, only 0 of 5 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/liba/libarchive.html
- ∙ ∙ Waiting for reproducibility test results on amd64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on arm64 - info ♻
- Not considered

news

[2026-01-11] Accepted libarchive 3.8.5-1 (source) into unstable (Gabriel Barrantes) (signed by: Antoine Le Gonidec)
[2026-01-08] Accepted libarchive 3.8.4-1 (source) into unstable (Antoine Le Gonidec)
[2025-11-11] Accepted libarchive 3.4.3-2+deb11u3 (source) into oldoldstable-security (Bastien Roucariès) (signed by: Bastien ROUCARIÈS)
[2025-08-27] Accepted libarchive 3.6.2-1+deb12u3 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2025-07-30] libarchive 3.7.4-4 MIGRATED to testing (Debian testing watch)
[2025-07-26] Accepted libarchive 3.7.4-4 (source) into unstable (Peter Pentchev)
[2025-05-08] libarchive 3.7.4-3 MIGRATED to testing (Debian testing watch)
[2025-04-27] Accepted libarchive 3.7.4-3 (source) into unstable (Peter Pentchev)
[2025-04-26] Accepted libarchive 3.7.4-2 (source) into unstable (Peter Pentchev)
[2024-11-11] Accepted libarchive 3.4.3-2+deb11u2 (source) into oldstable-security (Adrian Bunk)
[2024-11-11] Accepted libarchive 3.6.2-1+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2024-11-10] libarchive 3.7.4-1.1 MIGRATED to testing (Debian testing watch)
[2024-11-09] Accepted libarchive 3.6.2-1+deb12u2 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2024-11-03] Accepted libarchive 3.7.4-1.1 (source) into unstable (Salvatore Bonaccorso)
[2024-08-09] libarchive 3.7.4-1 MIGRATED to testing (Debian testing watch)
[2024-08-07] Accepted libarchive 3.7.4-1 (source) into unstable (Peter Pentchev)
[2024-06-09] Accepted libarchive 3.6.2-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2024-06-06] libarchive 3.7.2-2.1 MIGRATED to testing (Debian testing watch)
[2024-06-05] Accepted libarchive 3.6.2-1+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2024-06-03] Accepted libarchive 3.7.2-2.1 (source) into unstable (Salvatore Bonaccorso)
[2024-04-25] libarchive 3.7.2-2 MIGRATED to testing (Debian testing watch)
[2024-03-31] Accepted libarchive 3.7.2-2 (source) into unstable (Peter Pentchev)
[2024-02-29] Accepted libarchive 3.7.2-1.1 (source) into unstable (Lukas Märdian)
[2024-01-31] Accepted libarchive 3.7.2-1.1~exp1 (source) into experimental (Steve Langasek)
[2023-10-18] libarchive 3.7.2-1 MIGRATED to testing (Debian testing watch)
[2023-10-14] Accepted libarchive 3.7.2-1 (source) into unstable (Peter Pentchev)
[2023-01-30] Accepted libarchive 3.3.3-4+deb10u3 (source) into oldstable (Thorsten Alteholz)
[2022-12-27] libarchive 3.6.2-1 MIGRATED to testing (Debian testing watch)
[2022-12-27] libarchive 3.6.2-1 MIGRATED to testing (Debian testing watch)
[2022-12-24] Accepted libarchive 3.6.2-1 (source) into unstable (Peter Pentchev)

1
2

bugs [bug history graph]

all: 9
RC: 0
I&N: 6
M&W: 2
F&P: 1
patch: 0

links

homepage
lintian (0, 4)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.7.7-0ubuntu3
3 bugs
patches for 3.7.7-0ubuntu3

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing